Msrc Windows 10 Version 1809 vulnerabilities

CVE-2022-37958 [HIGH] SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability FAQ: What is SPNEGO Extended Negotiation? The SPNEGO Extended Negotiation Security Mechanism (NEGOEX) extends Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) described in [RFC4178]. Please see SPNEGO Overview for more information. FAQ: According to the CVSS metric, the attack com

CVE-2022-38004 [HIGH] Windows Fax Service Remote Code Execution Vulnerability Windows Fax Service Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indic

CVE-2022-37955 [HIGH] Windows Group Policy Elevation of Privilege Vulnerability Windows Group Policy Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Group Policy: Windows Group Policy Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploi

CVE-2022-37969 [HIGH] Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? An attacker must already

CVE-2022-34725 [HIGH] Windows ALPC Elevation of Privilege Vulnerability Windows ALPC Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to wi

CVE-2022-35832 [MEDIUM] Windows Event Tracing Denial of Service Vulnerability Windows Event Tracing Denial of Service Vulnerability Windows Event Tracing: Windows Event Tracing Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5017315 Ref

CVE-2022-34728 [MEDIUM] Windows Graphics Component Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Stat

CVE-2022-35837 [MEDIUM] Windows Graphics Component Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the us

CVE-2022-35831 [MEDIUM] Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Remote Access Connection Manager: Windows Remote Access Connection Manager Microsoft: Microsoft Customer Action Required: Ye

CVE-2022-38006 [MEDIUM] Windows Graphics Component Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the us

CVE-2022-30133 [CRITICAL] Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. Windows Point-to-Point Tunneling Protocol: Windows Point-to-Poin

CVE-2022-35744 [CRITICAL] Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. Windows Point-to-Point Tunneling Protocol: Windows Point-to-Poin

CVE-2022-35771 [HIGH] Windows Defender Credential Guard Elevation of Privilege Vulnerability Windows Defender Credential Guard Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. Windows Defender Credential Guard: Windows Defender Credential Guard Microsoft: Microsoft Customer Action Required: Yes Impact: Elev

CVE-2022-35795 [HIGH] Windows Error Reporting Service Elevation of Privilege Vulnerability Windows Error Reporting Service Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Error Reporting: Windows Error Reporting Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status:

CVE-2022-30194 [HIGH] Windows WebBrowser Control Remote Code Execution Vulnerability Windows WebBrowser Control Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does th

CVE-2022-35751 [HIGH] Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability coul

CVE-2022-35768 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel: Windows Kernel Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software R

CVE-2022-35793 [HIGH] Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerab

CVE-2022-34701 [HIGH] Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability Windows Secure Socket Tunneling Protocol (SSTP): Windows Secure Socket Tunneling Protocol (SSTP) Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Les

CVE-2022-35822 [HIGH] Windows Defender Credential Guard Security Feature Bypass Vulnerability Windows Defender Credential Guard Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Kerberos protection used by Defender Credential Guard. Windows Defender Credential Guard: Windows Defender Credential Guard Microsoft: Microsoft Customer Actio